• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Security Design

 
Bartender
Posts: 667
14
TypeScript Fedora
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi All,

I am planning out how I will make an app.  It will handle all main interactions over websockets / polling.  

My question is about securing the websocket connection endpoints.
I will use other providers for authentication, like google. I was planning on using 2 different providers.


The client apps ( web and native mobile) will login and get a token from the provider of their choosing.
My idea is that the clients will send the outside authentication provider tokens to custom endpoints on the server side that will verify them.
The custom endpoints will return an access token generated by the server, that will be put in the header when they connect to the websocket endpoint.
The reason for generating my own token is so that I don't have to figure out where the token came from when the client tries to get a socket connection.

Another idea is instead of generating tokens, the server will just use the google / whatever tokens as it's own.  
I am leaning heavily toward the second idea because it would simplify the token system since I don't have to do anything except check if they are valid.

Is there any flaw with this?  Is there maybe something it looks like I don't understand?


Thank you

 
With a little knowledge, a cast iron skillet is non-stick and lasts a lifetime.
reply
    Bookmark Topic Watch Topic
  • New Topic